Privacy Notice — Sobremesa
Version 1.0 · Effective July 12, 2026 · Material changes get a new version number and a text to members before they take effect. The version history stays published.
The plain version
We're a dinner membership. We collect what we need to set good tables and keep friendships going, and very little else. We ask who you'd like to see again — and yes, that means we also record when someone isn't chosen; no member ever sees that. We sometimes give your tablemates one warm conversation prompt about you — never anything you wouldn't say in your own introduction. We never record audio or video at dinners. We never sell data. We never show ads. Your texts to us are deleted from our systems after 24 months. You can get a copy of your information or delete it by texting us. That's the whole spirit; the details follow.
1. Who we are
Sobremesa, Salt Lake City, Utah. We're early-stage: while our company formation completes, Sobremesa is operated by its founder, and this notice will be updated with the legal entity's name — that name swap alone won't count as a material change. Contact: hello@sobremesahq.com or text +13852138956.
2. What we collect
In plain words: what you tell us at screening, the texts we exchange, and what happens at dinners.
- Screening information (with your consent, at your coffee or application): name, phone, neighborhood, birth year, interests, availability, dietary needs, accessibility needs, and — only if you choose — how to count you for gender-balanced tables. The balance choice is optional and changeable anytime; declining changes nothing about your membership.
- Messages: the texts between you and Sobremesa, on SMS or WhatsApp. This is how the service works.
- Dinner records: invitations, RSVPs, attendance, and follow-up plans.
- Your answers to "who would you like to see again?" — including, necessarily, the times a member who answered did not choose you. We record both because both are needed to set better tables. No member is ever shown these answers, in either direction.
- Payments: handled by Stripe. We see that you paid and your card's last four digits; we never see or store full card numbers.
- Waitlist: first name, phone, neighborhood, and your consent to be texted — whether you joined on our site or through an Instagram lead form. We keep the exact consent wording you agreed to, versioned.
- From our website: nothing else. Our site sets no advertising or analytics cookies and runs no trackers.
We deliberately do not collect: your exact address (neighborhood is enough), your birthdate (year is enough), photos of you, or anything from your social media.
3. How we use it
In plain words: to set your table, run your week, keep everyone safe, and get better at all three.
- Composing dinner tables of people likely to enjoy each other.
- Running logistics: invitations, confirmations, follow-ups, and scheduling the next meeting when two people both want one.
- Conversation prompts: we sometimes give members at your table one warm prompt about you — for example, "ask Maria about her Atlantic crossing." The rule we hold ourselves to: never anything you wouldn't say about yourself in your own introduction.
- Safety: reviewing concerns members raise and acting on them.
- Learning what makes tables work, using outcomes like attendance and mutual interest in meeting again, so future tables are better. Some of this processing uses AI services (see §5); your messages are read by software so a human doesn't have to read most of them.
- Never for advertising. We have no advertisers. This is a founding commitment we intend to make legally binding in our corporate charter.
4. What we never do
No audio or video recording at any gathering, ever, by us, under any purpose or framing. No sale of personal information, ever. No advertising, ever. No public profiles: other members see your first name and, before dinner, one warm prompt — nothing else about you, ever. No mobile information — phone numbers, opt-in data, or SMS consent — will be shared with or sold to third parties or affiliates for marketing or promotional purposes. No data broker sources; everything we know, you told us or did with us.
5. Who touches your data (subprocessors)
In plain words: a small set of companies that run infrastructure for us, for the purposes below and nothing else.
| Provider | What they do for us | What they handle |
|---|---|---|
| Twilio | Delivers SMS and WhatsApp | Phone numbers, message content in transit |
| Stripe | Payments | Payment details (we never see card numbers) |
| Anthropic | AI processing of messages and prompts | Message text for understanding replies; not used to train their models |
| Neon | Database hosting | Our records, encrypted at rest |
| Cloudflare | Website and file storage | Site traffic, stored exports |
| Sentry | Error monitoring | Technical logs, scrubbed of personal content |
Venues receive first names, party size, and dietary needs — nothing else. We disclose information when the law genuinely requires it, and to protect someone's safety (see §8).
6. How long we keep things
In plain words: message text has a 24-month shelf life; records of what happened keep the facts without the words.
- The text of messages (and the AI-processing records of them) is deleted after 24 months, leaving structured records — that a dinner happened, that you confirmed — without the wording.
- Membership records are kept while you're a member and for 12 months after, then deleted or de-identified.
- Payment records are kept as tax and payment law requires.
- Safety records are kept separately, under restricted access, for as long as reasonably needed to protect members, reviewed annually.
- Waitlist entries are deleted after 24 months of inactivity.
7. Your choices and rights
In plain words: ask and we'll show you; ask and we'll delete it; text STOP and we stop texting. We honor these for everyone, whether or not a given privacy statute technically applies to a company our size.
- Copy of your information: text us EXPORT (or plain words to the same effect). We verify it's you with a one-time code, then send everything we hold about you. One honest note about its contents: what other members answered about you is theirs, so your export includes those answers only in aggregate — never who said what.
- Deletion: text us DELETE (or plain words). After a 24-hour cooling-off and a confirmation, we delete your personal information — including your message text — and we re-apply that deletion whenever a backup is restored, so deleted means deleted even through our disaster-recovery copies. What remains: de-identified records (a dinner had six seats), payment records the law requires, and safety records where needed to protect others.
- Correction: tell us what's wrong; we'll fix it.
- Stop texting: reply STOP — or just say it in plain words; we honor "please stop texting me" exactly like the keyword. Texting is how membership works, so opting out pauses invitations; we'll say so plainly at the time rather than let it fail silently.
- Balance counting: opt in, change, or opt out anytime; it never affects your standing.
8. The safety exception, stated honestly
If a member raises a safety concern, those records live in a restricted system, are excluded from AI processing and routine access, and may be withheld from exports where disclosure could endanger or expose another person. We think you'd want the same protection if you were the one who spoke up.
9. Texting terms (SMS)
By joining the waitlist or membership you consent to receive texts from Sobremesa about membership and your dinners — typically 2–6 messages in a week with a dinner, fewer otherwise, and never more than two prompts in a day by our own enforced policy. Message and data rates may apply. Reply HELP for help, STOP to opt out. Carriers are not liable for delayed or undelivered messages.
10. Age
Sobremesa is for adults 21 and over. We don't knowingly collect information from anyone under 21, and gatherings verify ID.
11. Changes and contact
Material changes get a version bump and a text before they take effect. Questions, requests, complaints: hello@sobremesahq.com, or text +13852138956. Governing law: Utah.
A note on how this document was written: it is generated from how our systems actually work — every claim above corresponds to a built control. If the two ever differ, we fix the system or this page, whichever was wrong. We would rather this notice be true than impressive.